Merge pull request #21 from mpolci/master

Set files ownership and mode of generated cert. Fix issue #18
jdauphant · Jun 30, 2016 · 745149d · 745149d
2 parents e5d251e + 4c00878
commit 745149d
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/tasks/generate.yml b/tasks/generate.yml
@@ -2,9 +2,19 @@
   - name: Generate RSA key
     command: openssl genrsa -out {{ ssl_certs_privkey_path }} {{ ssl_certs_key_size }} creates={{ ssl_certs_privkey_path }}
 
+  - name: RSA key file ownership
+    file: path={{ ssl_certs_privkey_path }} owner={{ ssl_certs_path_owner }} group={{ ssl_certs_path_group }} mode={{ ssl_certs_mode }}
+
   - name: Generate CSR
     command: openssl req -new -sha256 -subj "{{ ssl_certs_fields }}" -key {{ ssl_certs_privkey_path }} -out {{ ssl_certs_csr_path }} creates={{ ssl_certs_csr_path }}
 
+  - name: CSR file ownership
+    file: path={{ ssl_certs_csr_path }} owner={{ ssl_certs_path_owner }} group={{ ssl_certs_path_group }} mode={{ ssl_certs_mode }}
+
   - name: Generate self-signed SSL certificate
     command: openssl req -nodes -x509 -days {{ ssl_certs_days }} -in {{ ssl_certs_csr_path }} -key {{ ssl_certs_privkey_path }} -out {{ ssl_certs_cert_path }} -extensions v3_ca creates={{ ssl_certs_cert_path }}
     when: ssl_certs_generate_self_signed
+
+  - name: Self-signed SSL certificate file ownership
+    file: path={{ ssl_certs_cert_path }} owner={{ ssl_certs_path_owner }} group={{ ssl_certs_path_group }} mode={{ ssl_certs_mode }}
+    when: ssl_certs_generate_self_signed